The Roaming Computing System (Windows Edition) Changelog

Changes to released versions and ongoing changes toward the next RCS are described here. We do major RCS upgrades when there is a 'pulse' of new versions of the most important desktop software (LibreOffice, Firefox and Thunderbird); and an ongoing series of minor RCS updates with security fixes.

Version 4.2.22 - 12 June 2014

Firefox 24.6.0 ESR (build 5267) → 24.6.0 ESR (build 5273)
Mozilla initially released a version of Firefox 24.6 with issues, which they fixed in this new build. Requires new Firefox Setup 24.6.0esr.exe.

pfSense firewall / router 2.1.1 → 2.1.2 - security update for CVE-2014-0160 (Heartbleed) and CVE-2014-0076 (ECDSA Flaw). Note that the pfSense people recommend that "You will want to perform a full security audit of your pfSense installations, renewing any passwords, generating or fitting new certificates, placing the old certificates on a CRL [certificate revocation list], etc."

Note: Windows XP End Of Life - Windows XP has reached its end of life and security updates are no longer available for Microsoft's non fee paying customers. Our RCS 5, a Windows 7-based system to replace the Windows XP-based RCS 4, is nearing completion and will be available in a couple of months.

The lack of security updates for Windows XP means you have to get off XP soon, but it's a gradual thing. You're always susceptible to viruses and other malware; it is nearly always the hackers / attackers who find the weaknesses and exploit them, with Microsoft eventually playing catch-up weeks or months later by patching the flaws on the monthly Patch Tuesday. So Windows XP will gradually grow more vulnerable, rather than it being an instantaneous thing. Not to down play the need to move off XP, but around 28% of desktop computers worldwide still run Windows XP, and most won't be receiving security updates from Microsoft.

Our RCS 4 system is well protected anyway, because people are logged in with a standard user account (not Administrator or Power User); the network is behind a high quality firewall; anti-virus software is running and up-to-date; all other software is kept updated with security patches; and Firefox is used to browse the web and with an ad-blocker running (adverts being a vector for attack).

For the time being, dispel the Windows popup in the middle of the screen that warns about XP's end of life (and tick the checkbox for it not to annoy you again). The other popup message, from Microsoft Security Essentials, says that support for it is ending, but this is not the case, because though you might now be stuck on Security Essentials 4.5 (newly installed last week), it is true that no more of the infrequent updates to the program itself will be released, but it will continue to automatically receive the all-important anti-virus definition updates until July 2015.

As an extra measure, occasionally run Malwarebytes Anti-malware, doing a manual scan for malware (as opposed to viruses). It is also important that you do not use Internet Explorer (version 8 is installed) as it too has reached its end of life.

Note: The Heartbleed Bug, CVE-2014-0160 (+ CVE-2014-0076) - a bug has been found in the way that particular versions of a popular encryption software is used, OpenSSL. OpenSSL is used to secure systems such as web sites, email, VPNs, file hosting services and banks. The bug allows people to gain access to computer systems, to be able to access data on web servers and in email mailboxes, and to steal the secret keys that protect VPNs, without leaving any trace. This bug has been present for 2 years. It was said today that "this is the most catastrophic security flaw the internet may have ever witnessed" and Bruce Schneier said ""Catastrophic" is the right word. On the scale of 1 to 10, this is an 11." Because it is not the encryption algorithm itself that is broken, rather the software implementation that uses it, servers can be secured again by updating their software, and giving new certificates, keys and passwords to people. In terms of data disclosure it couldn't be much worse, but at least in terms of difficulty to fix it isn't so bad

It is important that the pfSense firewall router is upgraded to the forthcoming version 2.1.2 (available very soon) ASAP as attackers will be using this attack method now; OpenVPN software on remote access laptops upgraded to 2.3.3 (available 10th April); existing VPN certificates for everyone who uses the VPN will need to be revoked; and new certificates recreated, distributed to them and installed.

You may want to get an assessment from your other software and hardware service providers what, if any, of their systems are affected. (You can use the 'Netcraft site report' to test some systems).

Version 4.2.12 - 3 April 2014

Added Malwarebytes Anti-malware 2.0. Requires mbam-setup-2.0.0.1000.exe from www.malwarebytes.org. Windows XP reaches its end of life for security updates from Microsoft on 8 April 2014; install this for added protection until move to Windows 7. Requires manually running the scan. Note that this gives different protection to Microsoft Security Essentials anti-virus.

Microsoft Security Essentials (MSE) will automatically upgrade around now from 4.4 → 4.5. New installs of MSE will not be possible after 8th April, and new versions will not be available, but if already installed then it will continue to be automatically updated by Microsoft with new anti-virus definitions until 14th July 2015.

Removed Workstation Software

QT Lite - Removed for security reasons. Development has discontinued. Uses Quicktime codec 7.6.9 / 7.69.80.9 where as the most recent version from Apple is 7.7.4 (May 22, 2013). Wikipedia claims K-Lite coedc pack will play Quicktime .mov, .hdmov .qt, though it might be that Quicktime Alternative and QT Lite are required for their 'QuickTime plugin for Opera/Firefox/Mozilla/Netscape/Google Chrome' to "allows you to view QuickTime content that is embedded in a webpage". Left in packages.xml as optional.

Other Changes to Workstation Software

Added Microsoft Visual C++ 2008 SP1 Redistributable for BlueGriffon

Server Things

TWEAK Unattended 0.9.7 → 0.9.8

NETLOGON.BAT logon script 2.0.0 → 2.1.0 - %USERPROFILE%\Start Menu\Programs\startup\desktop.ini, which is created by setting a view mode in Windows Explorer, combined with setting .ini files to open in a text editor, causes desktop.ini to open in the text editor on login for some people. To fix this we now delete some desktop.ini files instead of hiding them.

Inkscape 0.48.2-1 → 0.48.4-1 (security update, but also incidentally a major bug-fix version)
Note: may not be silent, may occasionally complain about a file having changed since installation, requiring 'Yes to all'
Requires new inkscape-0.48.4-1-win32.exe, see Inkscape page for details.

Version 4.0.9 - 5 March 2013

Sun Java Runtime Environment (JRE) 6.0 update 41 → 6.0 update 43 (security update)
Requires new jre-6u43-windows-i586.exe, see Java Runtime Environment page for details.
NOTE: "JDK 6 Support - This release is the last of publicly available JDK 6 Updates. Oracle recommends that users migrate to JDK 7 in order to continue receiving public updates and security enhancements. All JDK 6 releases up to and including 6u43 will be moved to Java Archive, where they will remain available but will not receive updates. For users who require continued access to JDK 6 updates, long term support is available through the Java SE Support program."

Version 4.0.4 - 9 January 2013

pfSense firewall / router 2.0.1 → 2.0.2 (security and bug-fix update)
Note: "Auto Update URL - For those upgrading from a prior release, first please make sure you're on the correct auto-update URL. Tens of thousands of installs were from 2.0 pre-release snapshots which had their update URL set to the snapshot server rather than the stable release updates. Others had manually set their architecture incorrectly at some point and had failed upgrades because of it. Just browse to System>Firmware, Updater Settings tab. From the "Default Auto Update URLs" drop down box, pick either the stable i386 or amd64 depending on which version you have installed, and click Save. Then you can use the auto-update and be ensured you're pulling from the correct location."

Flash Player for Firefox 11.4.402.287 → 11.5.502.110 (security update)
Requires new install_flash_player.exe, see Flash Player page for details.
Also fix for Flash Player mistakenly installing on each startup, and uninstall not working.

K-Lite codec pack (Standard) 9.30 → 9.40 (because this is a collection of different programs from different sources, each with their own changelogs that K-Lite don't describe, we upgrade on principle for security reasons)
Requires new K-Lite_Codec_Pack_940_Standard.exe

K-Lite Codec Pack (standard) 5.7.0 → 7.0.0 (with RCS 3.6.8) → 9.3.0 - we will henceforth provide more rigorous security support for K-Lite as the various codecs it includes themselves include security updates. This meant we had a lot of security vulnerabilites, for example K-Lite includes ffdshow, which includes ffmpeg, whose verson 0.11 on 19 September included tens of security fixes.
Changed the pre-config options, resulting in a new .ini file.
Changed the name of the .ini file from our custom name of klite-settings.ini to K-Lite's default name of klcp_standard_unattended.ini.

Fixes to Workstation Software

...

Removed Workstation Software

Eraser

OggCodecs - K-Lite includes all the same decoders, though not the encoders, but we don't need the encoders. (To upgrade it to 0.85 "Before installation follow these steps: Uninstall any previous version of these filters. (This is important!)" but thatcan't be done without manual interaction)

Other Changes to Workstation Software

Picasa no longer tries to update itself and then finds itself unable to.

Background Things

TWEAK 0.9.4.2 - this is now automatically installed where as before we would copy it manually to each workstation.

TWEAK Unattended

tweak-unattended-bluegriffon-system-config-disable-updates

ccleaner-system-config.bat to disable updates

...

...

People's Windows profiles will now be removed from the workstation when they logout. This will save performing the periodic maitenance operation of removing them by hand. (tweak-unattended-windows-config-domain / windows-config-domain.bat)

Version 3.6.29 - 24 April 2012

Flash Player for Firefox 11.1.102.63 → 11.2.202.233 (major new version and security update).
This version includes the Adobe Flash Player Update Service that will be installed but remain off by default because we have turned off auto updates already as they could not be installed by people logged in with a Limited account. We may choose to turn on auto updates using this new service now that it will work with Limited accounts.
Requires new install_flash_player_32bit.exe, see Flash Player page for details.

Firefox - Prevent Firefox 3.6 prompting users with a popup window advising they upgrade to Firefox 12 or 13 after support ends for 3.6 on 24 April 2012. RCS 4.0 will be available with Firefox 10 soon.
Requires updated firefox-custom-disable-updates.js version 1.1 (from TWEAK) downloading and placing in Firefox installer directory WPKG\packages\firefox\.

Eraser / packages.xml - update to fix Eraser's 'uninstall' command so that we can remove it in RCS 4.0
Requires the updated packages.xml.

Flash Player for Firefox - 10.3.183.7 → 10.3.183.10 (security updates).
Requires new install_flash_player.exe, see Flash Player page for details.

Windows Remote Desktop Connection 7.0 client (http://support.microsoft.com/kb/969084). The customised version of Windows XP we install has Remote Desktop capabilities removed as we use VNC instead. With the update to the Remote Desktop client in recent months, Windows tries to install the update then fails, annoyingly prompting on each and every shutdown to install it. To fix that, we're installing just the client portion of Remote Desktop here.
Requires windows-remote-desktop-connection-client\WindowsXP-KB969084-x86-enu.exe. Note the correspondingly updated profiles.xml

Flash Player for Firefox - 10.3.183.5 → 10.3.183.7 (just compatibility issues, but Firefox complains it's out of date which could worry people).
Requires new install_flash_player.exe, see Flash Player page for details.

Version 3.6.19 - 11 August 2011

Java Runtime Environment - there's an issue with current versions of the JRE that, when it's simply reinstalled, most of its program files are lost. Because we've reinstalled it recently, versions of the JRE that are installed are broken to some extent. This update will uninstall it, then install it, to get it working again. Oracle recognise the issue, but only when using the MSI installer, where as we use the .exe installer, yet still see the issue.
Requires the updated packages.xml.

Version 3.6.17 - 27 July 2011

OpenOffice (actually Novell's Go-oo) 3.2.0 → 3.2.1.4
Version 3.2.0 has a major issue where by spreadsheets embedded in word processed documents (known as OLE objects) saved in .doc files couldn't be seen
Requires new GoOo-3.2.1-11.exe and GoOo-langpack-en-GB-3.2.1-11.exe, and your existing openoffice-installer-customisation.mst, see OpenOffice page for details, however we don't know how to download this old version now as the go-oo.org site redirects you to the LibreOffice site - we happened to have already downloaded this before the site shut down.

Java Runtime Environment - Fixed an issue from 11 June 2011 where on new installs JRE 6.0 update 25 as well as 6.0 update 26 was installed
This just requires the updated packages.xml.

Version 3.6.10 - 26 April 2011

Flash Player for Firefox 10.2.153.1 → 10.2.159.1 (security update).
Requires new install_flash_player.exe, see Flash Player page for details.

Sun Java Runtime Environment (JRE) 6.0 update 24 → 6.0 update 25. This is not a security update; The previous upgrade in RCS 3.6.9 to JRE 6.0u24 caused an issue where by the Java Runtime Environment became inoperable, the only fix being to uninstall it.
Requires new jre-6u25-windows-i586.exe, see Java Runtime Environment page for details.

Version 3.6.9 - 26 March 2011

You should manually upgrade Microsoft Security Essentials to version 2.
(There's no way we know of to programatically detect which version is installed. This is an 'Upgrade' (a major upgrade of the program itself) rather than an 'Update' (of the virus definitions) so it doesn't auto update to it; the upgrade isn't available via http://updates.microsoft.com; you have to run the upgrade as an Administrator rather than a Restricted user (not sure about Power User); choose Help → Upgrade..., or wait a while and it will prompt; after the upgrade there's no mention of the VNC 'excluded processes' in settings, but that doesn't seem to matter any more, or if you do a scan it will find the UltraVNC file(s) and prompt you to quarantine or Allow.)

QT Lite 3.1.0 → 4.1.0 (security and functionality update, included here for security update). As this installs after K-Lite Codec Pack it will associate MP3 and other files types in Firefox with QuickTime instead of Windows Media Player plugin / Media Player Classic (?), which shouldn't be an issue.

Sun's OpenOffice 3.1.1 → Novell's Go-oo (AKA OpenOffice) 3.2.0-13 - because it has better Microsoft Office compatability by turning on various user options that were otherwise turned off by default; includes plugins that we were installing seperately.

The main Debian archive no longer includes Debian 4.0 Etch packages and security updates, so ftp.uk.debian.org and security.debian.org have been replaced with archive.debian.org

GR Soft Virtual Mail Manager - So that it can be accessed from a saner URL: cp -a /srv/mailmanager/login.php /srv/mailmanager/index.php

GR Soft Virtual Mail Manager - To be able to forward mail to outside domains in version 1.7 series, in 'function fqdn_check($fqdn)' in /srv/mailmanager/mgr_main.php, replace 'return (preg_match("/^([a-zA-Z0-9-]{3,}+\.)+([a-zA-Z]{2,3})$/", $fqdn, $regs));' with 'return (preg_match("/^([a-zA-Z0-9-]{3,}+\.)+([a-zA-Z.]{2,10})$/", $fqdn, $regs));' (the bit that is replaced is '[a-zA-Z]{2,3}' with '[a-zA-Z.]{2,10}')

Replaced Adobe Reader with Foxit Reader 3.1.1.0901 (rev. 3) - Adobe Reader has far more features than anyone uses or expetcs from a PDF reader, and with those features (JavaScript, Flash) comes a myriad of security vulnerabilities that require constant patching of Adobe Reader to mitigate against; Adobe Reader is difficult to package for auto installation; when viewing PDFs in Firefox Adobe Reader has the effect of causing the tab from which the PDF opened to hang; Adobe Reader uses a lot of memory where as Foxit Reader specifically uses very little.

Internet Explorer upgraded to version 8 (this should have been mentioned in the changes for RCS 3.4)

Fixed

MySQL Connector/ODBC 5.1.5 → 3.51.26 - Should never have updated from 3.51 to 5.1 in RCS 3.4 as 5.1 won't work when connecting to our Debian Etch server running MySQL 5.0. When using a form it says "The data content could not be loaded. There exists no table named "<database>.<table>".". Presumably ODBC 5.1 is specifically for MySQL 5.1?

Removed

Goldfish email autoreponder removed as we never managed to get it to work.

Other Changes

Added more auto configuration, using TWEAK Unattended. In 3.4 only user config was automated enough to do that user config which was required for an update from 3.3 to 3.4. Now that has been expanded to do all config that TWEAK itself did. Still, the system config is only enough to cover that which is required for the upgrade from 3.4 to 3.5, with the exception of Flash Player config.

Changes from Auto Backup A Server To A Hotswap USB Disk versions 1.4.0, 1.4.1 and 1.5.0 - see the Release Notes

Changes from pfSense firewall guide 0.8.17 and 0.9.1 - see the Release Notes

Changes from TWEAK (Unattended) 0.9.5 that relate to the RCS

flash-disable-auto-update-mms.cfg - removed windowlessdisable=true because Telegraph TV broken and settings dialog unreachable with it. It's supposed to disable floating adverts but I've never seen any without it.

Irfanview Configuration was copying the configs from %PROGRAMFILES%\IrfanView rather than from TWEAK itself, this was made in TWEAK 0.9.4 but not made in TWEAK Unattended 0.9.4

Added new logging mechanism. The RCS 3.4 user config via logon script doesn't want to run for RCS 3.5, because it's only for upgrades and new users. For RCS 3.5 the existing user doesn't want a new OpenOffice config where as new users do so now we need to differenciate differently between the two groups or move to a new system. As for shortcuts, shortcuts were changed in TWEAK 0.9.4.1/2, yet the shortcut suite wasn't refreshed via the login script for exsting users. We need a new mechanism so that we can selectively apply fixes to existing users whilst at the same time apply all the config to new users (rcs-user-config-if-not-already-done.bat). And a bit of script to run before they login in order to create the directories to get existing users who dont need any of it through the logon script without it running - hence mark-all-user-config-as-done.bat.

File Type Associations - 'Archive files (i.e. .Zip) Open in 7-Zip (Edit for ISO opens in 7-Zip)' - setting 7-Zip to 'edit' .iso files was mistakenly setting a 7-Zip icon for .iso files when it shouldn't be. The icon should be left to that of InfraRecorder as set in 'ISO disc images to open in InfraRecorder for writing to disc' [/DIS="%PROGRAMFILES%\7-Zip\7z.dll,1"]

Windows Configuration

'Configure Windows system behaviour and interface on this machine' - 'set Windows Automatic Updates to not automatically reboot after applying updates' - didn't work, now fixed. I believe this did work and that it stopped working since Windows XP SP3, but I can't be sure. The registry setting it made was at HKLM\Software\Policies\Microsoft\Windows\Windows Update\AU when it should have been at HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU. TWEAK now makes both settings as I can't be sure earlier versions of Windows didn't work the previous way.

Version 3.4 (February 2009)

This version uses packages.xml version 1.5.0 and profiles.xml version 1.0.

Added

Some automated system and user account configuration using a new unattended version of TWEAK has been added. The system config is done using WPKG; the user config is done using the logon script, netlogon.bat.

Manual updates for the transition from RCS 3.3 to 3.4 are now no longer necessary. In future more automated configuration will be added. More was actually written - Windows configuration 'general settings' and 'domain-specific settings' and Flash Player revision 6 'auto copy of config file mms.cfg' - but WPKG hangs when running them so they were pulled at the last mnute. The hope is that the bottleneck for deploying the RCS on a large numer of workstations, of having to apply updated configuration manually using TWEAK, can be eliminated.

The changes required are the addition of various batch files in \\server\windows-admin\tweak-unattended\, an addition to netlogon.bat and to packages.xml, see the Release Notes for details. Only the minimum required to deploy an RCS 3.3 to 3.4 upgrade has been implemented so far:

Fixed

Firefox can be set as default web browser so it doesn't nag when you open it [TWEAK 0.9.4]

Right-click and edit a HTML file opens it in Notepad, should open it in KompoZer [TWEAK 0.9.4: I → WEM]

Picasa auto update is now able to be turned off [TWEAK 0.9.4: B → P → K]

Version 3.3 Update 2 (2nd December 2008)

This version uses packages.xml version 1.4.4; profiles.xml version 0.9.1.

Firefox 3.0.3 → 3.0.4

Thunderbird 2.0.0.17 → 2.0.0.18

Version 3.3 Update 1 (29th September 2008)

This version uses packages.xml version 1.4.3; profiles.xml version 0.9.1.

Thunderbird 2.0.0.16 → 2.0.0.17

Firefox 3.0.1 → 3.0.3

TWEAK - 0.9.2 → 0.9.3

Version 3.3 (16th September 2008)

This version uses packages.xml version 1.4.2.

New

Windows Media Player plugin for Firefox

K-Lite Codec Pack 4.1.0 (Standard) - http://www.codecguide.com/features_standard.htm - gives us DVD playback in Windows Media Player (and a host of other media support). Ogg Codec installer has been retained for its FLAC support due to the fact we can't remove it silently.

Removed

ASpell and ASpell dictionaries (English) - they were for Pidgin, which has included ASpell for all languages since version 2.0.1(?)

Changed

Adobe Reader - we spend a massively disproportionate amount of time creating an MSI transform to change the Adobe Reader installation directory so that it doesn't have a version in its path so we can maintain our Adobe Reader shortut in Start - Programs - Office. We're no longer going to do this. We're able to do this for this program in particular and not others because we don't expect people use Adobe Reader by running the program from its shortcut, instead using it from within a web browser or by choosing to load a PDF file directly from within Windows Explorer.

With RCS 3.1 & 3.2, Thunderbird UK spellcheck dictionary is installed but isn't working as Thunderbird isn't noticing it. We installed MySpell dictionaries in %PROGRAMFILES%\Mozilla Thunderbird\components\myspell\ which was correct for Thunderbird 1.5 but Thunderbird 2.0 expects them in %PROGRAMFILES%\Mozilla Thunderbird\dictionaries. We've fixed this and also are now using a MySpell dictionary from Mozilla, version 1.16, rather than version 1.18 from the original author.

Miscellaneous

Our new sun Java Runtime Environment WPKG packaging removes all previous versions of JRE rather than leaving them in, fixing a long-standing issue. Because JRE doesn't uninstall prior versions, and it's a large installation, it eats up disk space. This hasn't remotely been a problem yet because we've only shipped a few versions but it would become a problem in time.

We now set 7-Zip file type associations during workstation installation, using TWEAK

The Windows Firewall will now allow workstations to answer ping requests, useful in troubleshooting

Changed the location of sub-group directories on the server, creating 'restricted' - see Samba guide version 0.9.0 or later

pfSense firewall appliance replaces IPCop (firewall appliance) and ZERINA (OpenVPN). pfSense is an even higher quality firewall appliance than IPCop.
Because we relied upon the seperate ZERINA module for OpenVPN support, the firewall was vulnerable when an updated IPCop was available but we had to hold off upgrading because we were waiting on the corresponding ZERINA. Also we couldn't perform that upgrade remotely because we were trying to upgrade the very VPN software we were using for remote access. pfSense fixes both these issues. Firewall installation, configuration and usage is now documented here, previously there was no documentation here for the firewall (though there was for the VPN, and there was documentation at the IPCop web site).

WPKG Client 1.2.1 - allows workstation software to be updated by remotely adding software to the server then it automatically installing when a user logs in to their workstation

Updated

The server, Debian 3.1 'Sarge' → Debian 4.0 'Etch'. An updated suite of server software (Windows domain server, mail server, print server) and an updated server operating system in general bringing lots of worthwhile capabilities. Security support for Debian 3.1 'Sarge' runs out in April 2008 so there's an imperative to upgrade.

Windows XP Service Pack 2 (SP2) → Service Pack 3 (SP3)

Documentation has been improved

7-Zip 4.42 → 4.57

Adobe Reader 8.0.0 → 8.1.2

F-Prot 6.0.7.0 → 6.0.8.0 (F-Prot is self updating anyway)

FileZilla 2.2.32 → 3.0.7

Firefox 2.0.0.4 → 2.0.0.14

Flash Player 9.0.16 → 9.0.124

(GNU) Ghostscript 8.56 → 8.61

GIMP 2.2.15 → 2.4.5

GIMP Help 0.11 → 2-2.4

GnuPG 1.4.7 → 1.4.8

InfraRecorder 0.42.1 → 0.45. No longer experimental as it actually works now for regular users

Inkscape 0.45.1-1 → 0.46

Irfanview 4.0 → 4.10

Irfanview Plugins 4.0 → 4.10

KompoZer 0.7.7 → 0.7.10

Notepad++ 4.1.1 → 4.8.1

OpenOffice 2.2.1 → 2.4.0

Picasa 2.7 build 36.40 → 2.7 build 37.49

Pidgin 2.0.2 → 2.4.1

Scribus 1.3.3.9 → 1.3.3.11 (adds PDF editing)

Thunderbird 2.0.0.4 → 2.0.0.12

Enigmail 0.95 → 0.95.6

WinSCP 4.0.3 → 4.0.6

Java Runtime Environment 6.0 update 1 → 6.0 update 4

TWEAK - 0.9.0 beta 7 → 0.9.0 RC3

Twix - 0.3.4 → 0.3.6. Can now be used to create user accounts on the server where before it was done much more manually.

Windows XP Service Pack 2 → Service Pack 3 (claims a 10% speed boost)

WPKG 1.0RC2 → 1.0.2

Removed

Dia - use OpenOffice Draw instead, it's more intuitive

GTK+ runtime environment - all software applications requiring GTK+ now each use their own GTK+ rather than all sharing a single GTK+ (GIMP 2.4 now includes GTK+ without the option of getting it separately; we've dropped Dia which didn't include its own GTK+

Resolved Issues

Kompozer 0.7.10 will now work if installed using the following method (see KompoZer issue 1806420): install earlier version (for file type associations); remove earlier version program directory; create new program files directory; copy 0.7.10 files into there

UltraVNC is now auto installing using WPKG, where before it had to be installed manually